NotPetya targets governmental institutions and corporations globally

On June 27, 2017, IT specialists from around the globe had to join forces again to curb the threat which has caused no smaller global chaos than former virtual infection – WannaCry. The malware succeeded in inflicting damage by targeting security loopholes in Windows systems.

Among the affected companies and institutions were:

Ukraine Chernobyl power plant

U.S. pharmaceuticals company’s Merck Ireland offices;

British law firm DLA Piper;

Spanish food producer Mondelez

Russian oil company Rosneft;

Danish shipping and transportation company AP Maersk;

Russian steel firm Evras;

French construction materials company Saint-Gobain;

Is this the latest version of Petya?

When the malware firstly manifested itself, suspicions arose that the malware was none other than the latest version, Petrwrap, of the widely-known Petya. It seems that such assumptions were false.

The infection seems to be a different virtual threat. Thus, cyber security forces have named it as NotPetya. Within this short period, the virus has already acquired Alternative names: Petya.a, Petna, and Nyetya.

Unlike former cyber headache, WannaCry, the malware does not encrypt files but rather modifies MBR settings which results in system failure to boot a device. Within several hours, more than 2000 attacks were recorded. Thus, the felons require 300 dollars.

While the malware disrupted daily processes in dozens of governmental institutions and private companies, Ukraine turns out to be the prime target. Besides Chernobyl power plant, Kiev airport had to delay some flights. Unfortunately, the company did not take necessary measures since previous WannaCry and XData cyber assaults to prevent Petya.a attack.

There is still little information and evidence to assume the identify of a possible culprit. However, some IT experts have issued allegations to Ukrainian software developer MeDoc for letting the malware loose. They suspect that the company was hacked and NotPetya/Petya.a infected affiliated systems via corrupted updates.

Solution has been found

While the identity of the culprit is surely an intriguing discussion topic, now the virtual community has to solve the riddle how to terminate the infection. Fortunately, bright minds of the cyber security forces have come up with a prevention strategy.

Lawrence Abrams has urged netizens to create a perfc text file and paste it in C:/Windows folder. For users who might find this advice confusing might download the already created batch file. This action suggests that the malware is programmed to scan the device to identify whether the system is infected already. However, such diversion should save you from this menace while IT experts will come up with long-term countermeasures.